# TODO: revamp to use the same framework as the other VMs { pkgs, inputs, ... }: let address = "129.199.146.101"; in { imports = [ ./hardware.nix # NOTE: For now, only deploy the bare minimum ./photoprism.nix ./immich.nix ]; # Bootloader. networking = { hostName = "photoprism"; firewall.allowedTCPPorts = [ 22 80 443 8007 ]; firewall.allowedUDPPorts = [ ]; useNetworkd = true; }; disko.devices = import ./disko.nix; deployment.targetHost = address; # Set your time zone. time.timeZone = "Europe/Paris"; environment.systemPackages = with pkgs; [ neovim ]; services.openssh = { enable = true; settings = { PasswordAuthentication = false; }; }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270" ]; security.acme.acceptTerms = true; security.acme.defaults.email = "webmaster@nixos.org"; systemd.network = { config.routeTables = { he = 100; mwan = 110; }; networks = { "10-ens18" = { name = "ens18"; networkConfig = { Description = "ENS uplink"; Address = [ "129.199.146.101/24" ]; Gateway = "129.199.146.254"; LLDP = true; }; }; }; }; # TODO: switch to unixsockets if supported services.nginx = { enable = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; clientMaxBodySize = "500m"; }; nix = { settings = { trusted-users = [ "@wheel" "root" "nix-ssh" ]; auto-optimise-store = true; }; #package = pkgs.nixUnstable; extraOptions = let empty_registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}''; in '' experimental-features = nix-command flakes flake-registry = ${empty_registry} builders-use-substitutes = true ''; registry.nixpkgs.flake = inputs.nixpkgs; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; }; system.stateVersion = "24.05"; }